T-Mobile has just suffered yet another data breach
Some customers suffered sim-swap attacks or leaks of personal information.
If you’re a T-Mobile customer, you might have been the victim of yet another cyberattack. The Uncarrier seems to also be Unsecure, this time with a “small number of” customer accounts being accessed by the hackers.
That’s according to internal documents given to The T-Mo Report, which detail the hacks that took place in December. The accounts were either the victim of sim-swapping, customer proprietary network information (CPNI) leaking, or both.
That’s worrying for T-Mobile customers. Sim-swapping is an attack where hackers associate another physical SIM card with the number, effectively taking over the phone number. That lets them access two-factor authentication codes to get into the affected user’s accounts.
Combined with the CPNI, hackers could drain bank accounts, take out credit, or anything they could think of in the name of the unsuspecting T-Mobile customer. T-Mobile says that anyone who was sim-swapped in this latest attack has had the issue rectified.
Back in August, T-Mobile suffered a massive cyberattack that could have affected 100 million people. The final tally was closer to 50 million, which really isn’t any better. That total included current customers, prior customers, and even prospective customers that hadn’t signed up for service.
In that hack, hackers took all the personal information they could, including social security numbers, driver’s license numbers, birthdays, and full names.
One person claimed responsibility for the breach, a 21-year-old American living in Turkey. He claimed that access came through an unsecured router attached to their main network.
His actual words about the state of T-Mobile’s security? “Their security is awful.”
T-Mobile’s support team on Twitter has confirmed the attacks (shown above), with a message saying to direct message them if you think you were affected.
- LastPass users: it seems some master passwords are out in the wild and compromised
- Samsung’s Galaxy Store is hosting malicious apps that distribute malware
- Sennheiser exposed the data of thousands of customers in an unsecured server
- New Amazon Ring patents outline a racist dystopian future